From 6488c98400b4f55885b396fc50e0e7b1fd74e2c5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 26 Mar 2019 17:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2013/2xxx/CVE-2013-2806.json | 79 +++++++++++++++++++++++++++++++--- 2013/2xxx/CVE-2013-2807.json | 79 +++++++++++++++++++++++++++++++--- 2014/5xxx/CVE-2014-5401.json | 58 ++++++++++++++++++++++--- 2015/6xxx/CVE-2015-6563.json | 5 +++ 2015/6xxx/CVE-2015-6564.json | 5 +++ 2019/10xxx/CVE-2019-10064.json | 18 ++++++++ 2019/9xxx/CVE-2019-9053.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9055.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9057.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9058.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9059.json | 53 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9061.json | 53 ++++++++++++++++++++++- 12 files changed, 529 insertions(+), 33 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10064.json diff --git a/2013/2xxx/CVE-2013-2806.json b/2013/2xxx/CVE-2013-2806.json index 6136ef9721e..57aad38229a 100644 --- a/2013/2xxx/CVE-2013-2806.json +++ b/2013/2xxx/CVE-2013-2806.json 
@@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-2806", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2806", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLinx Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "CPR9" + }, + { + "version_value": "CPR9-SR1" + }, + { + "version_value": "CPR9-SR2" + }, + { + "version_value": "CPR9-SR3" + }, + { + "version_value": "CPR9-SR4" + }, + { + "version_value": "CPR9-SR5" + }, + { + "version_value": "CPR9-SR5.1" + }, + { + "version_value": "CPR9-SR6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. 
By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" } ] } diff --git a/2013/2xxx/CVE-2013-2807.json b/2013/2xxx/CVE-2013-2807.json index 20aa88c48ed..f687435bedc 100644 --- a/2013/2xxx/CVE-2013-2807.json +++ b/2013/2xxx/CVE-2013-2807.json 
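Review bot: The Rockwell Automation advisory URL at the end of the new description `value` for CVE-2013-2806 is not listed in `references.reference_data`, which carries only the ICS-CERT advisory. Tooling that collects patch links from `reference_data` will miss the vendor fix, so I would add a second entry, `{ "refsource": "CONFIRM", "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" }`, keeping the "login is required" remark in the description. Separately, the description string breaks onto a new line after "field." as shown on this page; if that is a raw line break in the file rather than an escaped `\n`, strict JSON parsers will reject the record, so it is worth running the file through a validator before merging. Both points apply equally to the CVE-2013-2807 hunk that follows.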
@@ -1,17 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-2807", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2807", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLinx Enterprise Software", + "version": { + "version_data": [ + { + "version_value": "CPR9" + }, + { + "version_value": "CPR9-SR1" + }, + { + "version_value": "CPR9-SR2" + }, + { + "version_value": "CPR9-SR3" + }, + { + "version_value": "CPR9-SR4" + }, + { + "version_value": "CPR9-SR5" + }, + { + "version_value": "CPR9-SR5.1" + }, + { + "version_value": "CPR9-SR6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. 
By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" } ] } diff --git a/2014/5xxx/CVE-2014-5401.json b/2014/5xxx/CVE-2014-5401.json index c862d0a89d3..2c832e600b9 100644 --- a/2014/5xxx/CVE-2014-5401.json +++ b/2014/5xxx/CVE-2014-5401.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-5401", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5401", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "MedNet", + "version": { + "version_data": [ + { + "version_value": "<= 5.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code injection CWE-94" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1." } ] } diff --git a/2015/6xxx/CVE-2015-6563.json b/2015/6xxx/CVE-2015-6563.json index f22c3ea6020..52c560fd9c7 100644 --- a/2015/6xxx/CVE-2015-6563.json +++ b/2015/6xxx/CVE-2015-6563.json 
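Review bot: In the CVE-2014-5401 hunk, `"version_value": "<= 5.8"` puts the comparison operator inside the version string, so a consumer that compares `version_value` with an installed version gets a literal that matches nothing. The CVE JSON 4.0 format has a separate `version_affected` field for the operator; I would write `"version_affected": "<=", "version_value": "5.8"`. The description also attributes the flaw to bundled JBoss Enterprise Application Platform versions and names MedNet 6.1 as the upgrade target, but neither fact is reflected in the structured fields, so matching and remediation tracking depend on reading the free text.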
@@ -131,6 +131,11 @@ "name": "https://security.netapp.com/advisory/ntap-20180201-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180201-0002/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766" } ] } diff --git a/2015/6xxx/CVE-2015-6564.json b/2015/6xxx/CVE-2015-6564.json index c856489b2a5..f03140e09a3 100644 --- a/2015/6xxx/CVE-2015-6564.json +++ b/2015/6xxx/CVE-2015-6564.json @@ -121,6 +121,11 @@ "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764" } ] } diff --git a/2019/10xxx/CVE-2019-10064.json b/2019/10xxx/CVE-2019-10064.json new file mode 100644 index 00000000000..f8b07b4d0e9 --- /dev/null +++ b/2019/10xxx/CVE-2019-10064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9053.json b/2019/9xxx/CVE-2019-9053.json index c8fba18b7b9..1bf3554fe67 100644 
--- a/2019/9xxx/CVE-2019-9053.json +++ b/2019/9xxx/CVE-2019-9053.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9053", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] } diff --git a/2019/9xxx/CVE-2019-9055.json b/2019/9xxx/CVE-2019-9055.json index 1966e1921f6..d2994dc701b 100644 --- a/2019/9xxx/CVE-2019-9055.json +++ b/2019/9xxx/CVE-2019-9055.json 
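Review bot: The `affects` and `problemtype` blocks added to CVE-2019-9053 are filled entirely with `n/a`, although the new description names both the product and version (CMS Made Simple 2.2.8) and the weakness (unauthenticated blind time-based SQL injection). Asset inventories and scanners that key on `product_name`/`version_value`, and triage that filters on CWE, will not match this record once it is PUBLIC. I would set `"product_name": "CMS Made Simple"`, `"version_value": "2.2.8"` and a problemtype `value` such as `"SQL Injection CWE-89"`, in the style the ICS-CERT records in this commit use. The same gap is in the hunks for CVE-2019-9055, -9057, -9058 and -9061 (object injection through `unserialize`, CWE-502) and CVE-2019-9059 (command injection, CWE-78).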
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9055", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] } diff --git a/2019/9xxx/CVE-2019-9057.json b/2019/9xxx/CVE-2019-9057.json index 1e6a2f8fd35..a6d67539166 100644 --- a/2019/9xxx/CVE-2019-9057.json +++ b/2019/9xxx/CVE-2019-9057.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9057", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] } diff --git a/2019/9xxx/CVE-2019-9058.json b/2019/9xxx/CVE-2019-9058.json index 4e32941b6b7..1690a365288 100644 --- a/2019/9xxx/CVE-2019-9058.json +++ b/2019/9xxx/CVE-2019-9058.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9058", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] } diff --git a/2019/9xxx/CVE-2019-9059.json b/2019/9xxx/CVE-2019-9059.json index 22a88771cca..6e0f0af435e 100644 --- a/2019/9xxx/CVE-2019-9059.json +++ b/2019/9xxx/CVE-2019-9059.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9059", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting \"sendmail\" in the \"Mailer\" option, and launching the \"Forgot your password\" feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] } diff --git a/2019/9xxx/CVE-2019-9061.json b/2019/9xxx/CVE-2019-9061.json index 5ed7ba0e758..52021573ab5 100644 --- a/2019/9xxx/CVE-2019-9061.json +++ b/2019/9xxx/CVE-2019-9061.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9061", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the \"install module\" feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum", + "url": "https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum" + }, + { + "refsource": "MISC", + "name": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg", + "url": "https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg" } ] }